Re: [cabfpub] Ballot 205: Membership-Related Clarifications

DigiCert votes “yes” From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Thursday, June 22, 2017 5:43 AM To: CABFPub Subject: [cabfpub] Ballot 205: Membership-Related Clarifications Ballot 205: Membership-Related

Re: [cabfpub] Four sets of changes for proposed ballots

I’m helping to prepare ballots for these four sets of changes. So far, here are the anticipated endorsers: Peter B., Ryan S. and I intend to present the “underscores” ballot shortly (Ballot 202). I believe that Peter and Li Chun Chen will be presenting the ASN1 ballot, and I’m willing to

Re: [cabfpub] Updated Ballot 190 v2 dated June 29, 2017

Here is the comment tracking document. https://docs.google.com/spreadsheets/d/1uhKyrW9v9dDqgo4sVxoRx5e7sw0GE6zDoYqe EoE1WiI/edit?usp=sharing (If you make any changes, be sure to save a copy of

Re: [cabfpub] Voting on Ballot 192 ends tomorrow (Wed. June 28) at 22:00 UTC

Please vote so that we reach quorum From: Kirk Hall via Public Sent: ‎6/‎27/‎2017 2:54 PM To: CA/Browser Forum Public Discussion List Subject: [cabfpub] Voting on Ballot 192 ends tomorrow (Wed. June 28) at

Re: [cabfpub] Ballot 192 - Notary revision

Digicert votes "yes" From: Bruce Morton via Public Sent: ‎6/‎25/‎2017 3:56 PM To: CA/Browser Forum Public Discussion List Subject: Re: [cabfpub] Ballot 192 - Notary revision Entrust votes Yes to ballot 192.

Re: [cabfpub] Baseline Requirements "Certificate Policy" for the Issuance and Management of Publicly-Trusted Certificates

I’d support removing the words “Certificate Policy” from the document title, if that is the request, but I am fine with whatever the group decides. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Rich Smith via Public Sent: Wednesday, June 21, 2017 5:51 PM To: 'Ryan Sleevi'

[cabfpub] Network Security Controls

One of the sources of external standards mentioned during our last face-to-face meeting was CIS' List of 20 Critical Security Controls, which I've uploaded here to the wiki for your reference - https://cabforum.org/wiki/Security. (Previous drafts of the network security requirements can be found

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

of Wildcard Domain Name and then using it here. `Wildcard Domain Name: A Domain Name formed by prepending "*." to a FQDN` Thanks, Peter On May 25, 2017, at 1:08 PM, Ben Wilson via Public <public@cabforum.org <mailto:public@cabforum.org> > wrote: I’m looking for two endo

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

positions permitted to contain a hyphen character` 2) I would suggest adding a definition of Wildcard Domain Name and then using it here. `Wildcard Domain Name: A Domain Name formed by prepending "*." to a FQDN` Thanks, Peter On May 25, 2017, at 1:08 PM, Ben Wilson via Public <

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

Let me word this another way. Who believes that an underscore character cannot be the first character in an FQDN? -Original Message- From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent: Thursday, June 1, 2017 12:22 PM To: Peter Bowen <p...@amzn.

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

fully support a defense in depth approach that reflects CAs obligations and expectations to abide by the relative standards and wellformedness. On Thu, Jun 1, 2017 at 2:21 PM, Ben Wilson via Public <public@cabforum.org <mailto:public@cabforum.org> > wrote: Peter, Respectfully, I

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

ot start or end a label. I suggest `one or more underscore characters (“_”) may be present in the FQDN in positions permitted to contain a hyphen character` 2) I would suggest adding a definition of Wildcard Domain Name and then using it here. `Wildcard Domain Name: A Domain Name formed by prep

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

omain Name: A Domain Name formed by prepending "*." to a FQDN` Thanks, Peter > On May 25, 2017, at 1:08 PM, Ben Wilson via Public <public@cabforum.org> > wrote: > > I’m looking for two endorsers for Ballot 202 – Underscore Characters > in SANS The current Baseli

Re: [cabfpub] Ballot 200 - Amendment of Bylaws to add Code of Conduct

DigiCert votes “Yes” From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Virginia Fournier via Public Sent: Tuesday, May 16, 2017 2:55 PM To: CA/Browser Forum Public Discussion List Cc: Virginia Fournier Subject: [cabfpub] Ballot 200 -

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

eserved IP Address. --Motion Ends-- Thanks, Ben From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent: Thursday, April 20, 2017 12:09 PM To: Ryan Sleevi <sle...@google.com>; CA/Browser Forum Public Discussion List <public@cabforum.org> C

Re: [cabfpub] Preballot - Revised Ballot 190

Pre-validation is a common practice. Here is scenario: 1 – a. Customer signs a contract with domains listed therein, or b. signs up for an account, obtains a username/password and submits domain names. 2 – CA starts the domain validation process 3 – Customer submits CSR 4 – CA

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

f Business Information Here is a markup of BR section 9.2.7 for ballot 191. Thanks, Bruce. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via Public Sent: Thursday, May 18, 2017 11:18 AM To: CA/Browser Forum Public Discussion List <public@cabforum.org<mailto:p

Re: [cabfpub] Ballot 191 - Clarify Place of Business Information

Just a clarification for everyone, the text below was copied out of the wiki with wiki markup language, so the following text is being deleted --(City, State, and country - Required; Street and postal code - Optional)-(the open and close parentheses with dashes indicates a deletion). From:

Re: [cabfpub] [EXTERNAL]Re: Revised Notice of Review Period - Ballot 198 - .Onion Revisions

lic@cabforum.org> and voted on - which included the redline changes). That is, it's unclear whether the text Kirk included in the Review Notice - which is different than the ballot (since it omits the redlines) - supersedes/replaces the Ballot itself. Does this capture every possible in

Re: [cabfpub] Revised Notice of Review Period - Ballot 198 - .Onion Revisions

n the Review Notice - which is different than the ballot (since it omits the redlines) - supersedes/replaces the Ballot itself. Does this capture every possible interpretation? Are the others? On Tue, May 16, 2017 at 1:00 PM, Ben Wilson via Public <public@cabforum.org <mailto:

Re: [cabfpub] Profiling OCSP & CRLs

onable expectations. That is, there's a lot - a *lot* - that can go wrong with 1 year OCSP responders/CRLs. So if we're going to allow them, we need CAs to think about the technical risks and make proactive suggestions on how best to codify that. Because just a blanket "1 year respond

Re: [cabfpub] Ballot 199 - Require commonName in Root and Intermediate Certificates

DigiCert votes yes. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Doug Beattie via Public Sent: Friday, May 5, 2017 12:42 PM To: CA/Browser Forum Public Discussion List Cc: Doug Beattie Subject: Re: [cabfpub] Ballot 199 -

Re: [cabfpub] Ballot 199 - Require commonName in Root and Intermediate Certificates

Two questions, Gerv. 1 - Does this ballot rule out “vanity CAs” – CAs with customer names in the subject field, even though the key is held by the root CA? (I can provide further clarification, and/or examples, if necessary. 2- What is the full current wording of Ballot 199? Thanks,

Re: [cabfpub] Revocation Timeframe Ballot Language

red in https://cabforum.org/pipermail/public/2015-March/005312.html Are there new concerns why that approach wouldn't work? On Tue, May 2, 2017 at 7:23 PM, Ben Wilson via Public <public@cabforum.org<mailto:public@cabforum.org>> wrote: All, Attached is a redlined Word doc con

Re: [cabfpub] Baseline Requirements v. 1.4.6

All versions are now posted here - <https://cabforum.org/baseline-requirements-documents/> https://cabforum.org/baseline-requirements-documents/ I will upload them to the wiki and update the GitHub version. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via

Re: [cabfpub] Ballot 197 – Effective Date of Ballot 193 Provisions (amended April 26)

DigiCert votes “yes” From: Public > on behalf of Kirk Hall via Public > Reply-To: CA/Browser Forum Public Discussion List > Date:

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs

Re: [cabfpub] Pre-Ballot: Underscore Characters in SANs On Thu, Apr 20, 2017 at 1:07 PM, Ben Wilson via Public <public@cabforum.org <mailto:public@cabforum.org> > wrote: All, I’m looking for two endorsers for a proposed amendment to section 7.1.4.2.1 of the Baseline Requ

[cabfpub] Pre-Ballot: Underscore Characters in SANs

All, I'm looking for two endorsers for a proposed amendment to section 7.1.4.2.1 of the Baseline Requirements--to be modified to allow the underscore character ("_") in SANs and to remove the sunset language in that section related to internal names and reserved IP addresses. The revised

Re: [cabfpub] RFC5280-related Ballot - For Discussion

public@cabforum.org <mailto:public@cabforum.org> > wrote: No, encoding it as a UTF8String is not valid in the subjectAltName (whose type dNSName is defined as IA5String) On Tue, Apr 11, 2017 at 4:31 PM, Ben Wilson via Public <public@cabforum.org <mailto:public@cabforum.org>

Re: [cabfpub] RFC5280-related Ballot - For Discussion

e definition of? The spec provides extensibility mechanisms that allow you to do what you want without breaking compliant code. On Apr 13, 2017, at 12:42 PM, Ben Wilson via Public <public@cabforum.org <mailto:public@cabforum.org> > wrote: Any endorsers? From: Public [mailto:pub

Re: [cabfpub] RFC5280-related Ballot - For Discussion

r Discussion No, encoding it as a UTF8String is not valid in the subjectAltName (whose type dNSName is defined as IA5String) On Tue, Apr 11, 2017 at 4:31 PM, Ben Wilson via Public <public@cabforum.org <mailto:public@cabforum.org> > wrote: If the ballot were amended to address on

Re: [cabfpub] Ballot 196: Define "Audit Period"

DigiCert votes “yes” From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Monday, April 3, 2017 12:06 PM To: CABFPub Cc: Gervase Markham Subject: [cabfpub] Ballot 196: Define "Audit Period" Ballot 196 -

Re: [cabfpub] Ballot 195: CAA Fixup

DigiCert votes “yes” From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Gervase Markham via Public Sent: Monday, April 3, 2017 11:58 AM To: CABFPub Cc: Gervase Markham Subject: [cabfpub] Ballot 195: CAA Fixup Ballot 195 - CAA Fixup

Re: [cabfpub] Ballot 194 – Effective Date of Ballot 193 Provisions

DigiCert votes “yes” From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Chris Bailey via Public Sent: Sunday, April 2, 2017 2:27 PM To: public@cabforum.org Cc: Chris Bailey Subject: [cabfpub] Ballot 194 – Effective Date of Ballot 193 Provisions

Re: [cabfpub] Ballot 189 (revised) - Amend Section 6.1.7 of Baseline Requirements

DigiCert votes “Yes” From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dimitris Zacharopoulos via Public Sent: Wednesday, April 5, 2017 1:47 AM To: public@cabforum.org Cc: Dimitris Zacharopoulos Subject: [cabfpub] Ballot 189 (revised) - Amend Section 6.1.7 of

Re: [cabfpub] RFC5280-related Ballot - For Discussion

i via Public <public@cabforum.org <mailto:public@cabforum.org> > wrote: That's an interesting take. I read the same discussions and took quite the opposite conclusion. On Mon, Apr 10, 2017 at 3:23 PM, Ben Wilson via Public <public@cabforum.org <mailto:public@cabforu

Re: [cabfpub] RFC5280-related Ballot - For Discussion

viewed prior to the production of 5280 - that is, it was known at the time 5280 was produced, and was decided not to adopt - see https://www.ietf.org/mail-archive/web/pkix/current/msg02357.html and https://www.ietf.org/mail-archive/web/pkix/current/msg02336.html On Mon, Apr 3, 2017 at 11:22 AM, Ben Wilso

[cabfpub] RFC5280-related Ballot - For Discussion

Here is a redlined version of sections 7.1.4.2.1 and 7.1.4.2.2 of the Baseline Requirements which proposes amendments to the way the Baseline Requirements handle the maximum length for subjectAltName, commonName and organizationName and also clarifies the use of the underscore character.

Re: [cabfpub] Naming rules

Ryan, I suppose you are unwilling to suggest language that would correct this perceived flaw in the proposal? Ben From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ryan Sleevi via Public Sent: Tuesday, March 28, 2017 8:17 AM To: Rich Smith Cc: Ryan

Re: [cabfpub] CAB Forum membership criteria

What about "While suspended, CAs may attend meetings but not vote." ? If someone makes a Contribution, I see that as something positive, because under 6.4.c. of the IPR Policy, "CAB Forum Participants that submit Contributions, by making a Contribution, represent and warrant that, to the

Re: [cabfpub] Naming rules

One alternative is to just drop the criterion, and then it doesn’t create an issue. “This field is also optional if the Relative Distinguished Name (RDN) matches the RDN of an organization’s registration in a national-government-adopted X.500 directory that does not contain the localityName

Re: [cabfpub] Naming rules

in their DIT are uniquely identifiable, but in their totality are not. On Fri, Mar 24, 2017 at 5:46 PM, Ben Wilson via Public <public@cabforum.org <mailto:public@cabforum.org> > wrote: Attached is a redlined snippet from the Baseline Requirements. It proposes adding

Re: [cabfpub] Question on form of Review Notices

Just in case a "full" copy of the EV Guidelines or Baseline Requirements is deemed necessary, redlined versions have now been posted at https://cabforum.org/baseline-requirements-documents/ and

Re: [cabfpub] Voting has started on Ballot 193 - 825-day Certificate Lifetimes

Digicert votes “Yes” From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: Saturday, March 11, 2017 10:20 AM To: CA/Browser Forum Public Discussion List Cc: Kirk Hall Subject: [cabfpub] Voting has started

Re: [cabfpub] Life after Ballot 188 - Clarify use of term "CA" in Baseline Requirements

Previously Ryan raised several concerns he had regarding Ballot 188. As discussed below, some of those concerns were not germane to the ballot, but were suggestions for future policy changes because the Working Group endeavored that the ballot be policy-neutral. I am not arguing that we were

Re: [cabfpub] Ballot 188 - Clarify use of term "CA" in Baseline Requirements

s amendment. > > > > Ben > > > > From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ben Wilson via > Public > Sent: Tuesday, February 21, 2017 11:21 AM > To: public@cabforum.org > Cc: Ben Wilson <ben.wil...@digicert.com> > Subject: Re:

Re: [cabfpub] Ballot 188 - Clarify use of term "CA" in Baseline Requirements

This is a reminder that discussion is currently open on Ballot 188. The discussion period closes and voting begins at 2200 UTC on Thursday. Please take time to review the proposed changes before then. From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Dimitris Zacharopoulos via

Re: [cabfpub] Ballot 185 (Revised) - Limiting the Lifetime of Certificates

DigiCert votes NO - we prefer a two-year certificate validity period and we're hopeful that with further discussion we can come to a consensus of two years. Our customers just aren't ready for a shorter certificate lifetime. From: Josh Aas via

Re: [cabfpub] Ballot 183 was approved

The current bylaws are now posted on the website – <https://cabforum.org/bylaws/> https://cabforum.org/bylaws/ A redlined version is here: <https://cabforum.org/wiki/Bylaws> https://cabforum.org/wiki/Bylaws From: Public [mailto:public-boun...@cabforum.org] On Behalf O

Re: [cabfpub] Ballot 183 was approved

My apologies, I think Kirk asked me to prepare an updated version. I’ll post one today. Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Ryan Sleevi via Public Sent: Thursday, February 9, 2017 1:57 PM To:

Re: [cabfpub] SMIME Group Email List

r to working on a charter, should we resolve the governance issues about whether such things should be charterable? On Thu, Feb 9, 2017 at 8:28 AM, Ben Wilson via Public <public@cabforum.org <mailto:public@cabforum.org> > wrote: Prior to the chartering of the SMIME working gro

[cabfpub] Updated Baseline Requirements and EV Guidelines

The most current version of the Baseline Requirements (v.1.4.2) and EV Guidelines (v.1.6.1) are on the wiki, Github, and public web site. See https://cabforum.org/baseline-requirements-documents/ and https://cabforum.org/extended-validation/. Please let me know if you have any questions. Ben

Re: [cabfpub] Voting has started on Ballot 181 - ends January 7

DigiCert "Abstains" on Ballot 181 Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: 02 January 2017 18:29 To: CA/Browser Forum Public Discussion List

Re: [cabfpub] Voting has started on Ballot 180 - ends January 7

DigiCert "Abstains" on Ballot 180 Ben Wilson, JD, CISA, CISSP VP Compliance +1 801 701 9678 From: Public [mailto:public-boun...@cabforum.org] On Behalf Of Kirk Hall via Public Sent: 02 January 2017 18:28 To: CA/Browser Forum Public Discussion List

[cabfpub] Call for Interest in Chartering S/MIME Working Group

This is a call for interest of CAB Forum members in participating in the chartering of a working group to work on S/MIME certificate guidelines. If you are interested, please send me an email and I'll add you to the group of interested members. smime.p7s Description: S/MIME

<    1   2